Identity Ecosystem Design challenges. Wim Coulier eidas Expert Belgian Mobile ID

Transcription

1 Identity Ecosystem Design challenges Wim Coulier eidas Expert Belgian Mobile ID

2 Belgian Mobile ID respects the guidelines provided by is the reference for digital identification and authentication in Belgium

3 itsme provides every Belgian citizen with a unique, secure mobile identity so that there is no doubt that anybody who wishes to sign up, log in, confirm or sign an online transaction or electronic document is precisely who they claim to be.

4 Our Services 4 strong enablers for every process digitalization project Sign up Log in Confirm Sign

5 How does it work? See YouTube itsme app channel Overview: Login: Confirm:

6 But how did we get there?

7 Main initial discussions A digital society needs a digital ID.What is the real problem to be solved? Business choices Functionalities to be supported? Verified ID or not? (level of Assurance) Use of secure element for all transactions or not? (level of Security) Multiple accounts on different devices or not? How to avoid abuse of personal data? Business model? Who pays? Technological choices? SIM applet or smartphone app based solution? Technical standards

8 Mission statement Security Privacy European style Convenience Need protection against identity hacking/theft Websites ask more and more information on users Poor user convenience A secure solution allowing users to manage and protect their privacy through a convenient and universal product offering.

9 High level principles 1 account per user No separate account for other usages Roles or attributes linked to the single account to differentiate usages Verified ID only Data from Belgian eid or foreigner card Copy of data of Belgian National Register Data electronically captured During bank KYC process or online with PIN code entry

10 Belgian Mobile ID imposes a clear code of commitment ID registrars deliver trusted identity Telecom Operators deliver security

11 Easy Consistent simple user interface Control Secure

12 Control Secure Easy Security factors compared to current solutions Something I have Secure element Something I know Something I am

13 Easy itsme is highly secured Application (Software) Gemalto SDK ID data are not on the Smartphone Native development Control Secure User action Smartphone ios or Android Network Operators (Hardware) SIM binding Transaction security checks User Phone Account status checks Internal Processes

14 Control Secure Easy What about privacy? GDPR Right of Access (Article 15) Right to be forgotten & to data erasure (Article 17) Right to data portability (Article 20)

15 Control Secure Easy What about privacy? I m 100% in control No commercial use of my data

16 itsme in 5 characteristics 1. Link with ID Verified ID Strong ID proofing Level of assurance 2. Link with SIM Combines software & hardware security (secure element) MNO independent technology (patent pending) No SIM swap needed Security Level 3. C itsme app Link with Customers Smartphone app (rich User experience) Combines convenience, privacy & security Service scope 4. Ecosystem JV of the major banks and MNOs Full backing from government & administration Market standard 5. Open API model Value creation for Customers based on assurance and security Reach

17 Enforcing the principles to the open ecosystem eidas Regulation (eim & Qualified Signatures) Privacy: GDPR Competition Law Fin. Institutes Regulations Scheme Compliance Management Body Scheme Advisory Committee Scheme Governance Align with: IdentIty Registrars SIM Controllers Customers As well as: Legal Councel Product Management Applying for Qualified TSP for Signature Valid. (eidas)

18 Scheme characteristics Same rules for all participants No boundaries for internationalization Guarantees ecosystem is open to everyone Anyone who meets conditions can become Identity Registrar, SIM Controller or Service Provider Contract per participant per role referring to Rulebook Rulebook o o o o Common terminology Legal Rules (general rules, data protection, terms and conditions) Functional Documentation (branding guidelines, ID data requirements, user enrolment processes, logs and records keeping, security requirements, service descriptions) Technical Documentation (security & architecture, environments description, integration documentation, developer guides) Partner onboarding process o o o o Inform Sign contracts Integrate Audit

19 Thank you BelgianMobileID.be itsme.be